CVE-2017-9696

Name of the Vulnerable Software and Affected Versions Android for MSM versions (affected versions not specified) Firefox OS for MSM versions (affected versions not specified) QRD Android versions (affected versions not specified)

Description A buffer over-read issue is present in the camera driver function msm isp stop stats stream(). The variable stream cfg cmd->num streams is obtained from userspace and is not validated against the "MSM ISP STATS MAX" limit.

Recommendations For Android for MSM, consider restricting access to the msm isp stop stats stream() function until a proper validation mechanism for stream cfg cmd->num streams is implemented. For Firefox OS for MSM, restrict the use of the stream cfg cmd->num streams variable in the msm isp stop stats stream() function to prevent potential over-reads. For QRD Android, as a temporary workaround, consider disabling the msm isp stop stats stream() function until a patch is available that properly checks stream cfg cmd->num streams against "MSM ISP STATS MAX".